#VU6194 Improper input validation in Adobe Campaign - CVE-2017-2989
Published: April 11, 2017 / Updated: April 11, 2017
Vulnerability identifier: #VU6194
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-2989
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Adobe Campaign
Adobe Campaign
Software vendor:
Adobe
Adobe
Description
The vulnerability allows a remote attacker to read, write or delete data on the target system.
The weakness exists due to improper input validation. A remote attacker can create a specially crafted file, trick the victim into opening it and read, write or delete data from the Campaign database.
Successful exploitation of the vulnerability results in compromise vulnerable system.
The weakness exists due to improper input validation. A remote attacker can create a specially crafted file, trick the victim into opening it and read, write or delete data from the Campaign database.
Successful exploitation of the vulnerability results in compromise vulnerable system.
Remediation
Update to version 6.11 Build 8795.